
[Alert] New Magento Vulnerability - Unauthenticated Remote Code Execution

May 19, 2016

Are you running a Magento version before 2.0.6? Time to upgrade!
It was recently discovered that all Magento versions before 2.0.6 (both Community and Enterprise Edition) are vulnerable to unauthenticated remote code execution. The vulnerability (CVE-2016-4010) could allow an attacker to take over the vulnerable process and, consequently, even take complete control of the machine, putting your customer data, transaction history and revenues at risk.

[Solution] Upgrade to the 2.0.6 patch as soon as possible

As always, we recommend that you run regular security tests on your website and keep up with the latest vulnerabilities on our blog.

Stay safe!